Several vulnerabilities have been discovered in Sympa, a mailing listmanager, that allow to skip the scenario-based authorizationmechanisms. This vulnerability allows to display the archivesmanagement page, and download and delete the list archives byunauthorized users.

For the stable distribution (squeeze), this problem has been fixed inversion 6.0.1+dfsg-4+squeeze1.

For the testing distribution (wheezy), this problem will be fixedsoon.

For the unstable distribution (sid), this problem has been fixed inversion 6.1.11~dfsg-2.

We recommend that you upgrade your sympa packages.

Further information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: http://www.debian.org/security/